What are the recommended arguments for ssh-keygen?

The default 2048 bit RSA is considered safe until 2030. If that is good enough for you you can generate your keys with the following command:

ssh-keygen -f $HOME/.ssh/rsa_key_file_2048

If you require a key that is safe beyond 2030 a longer key is recommended (3072 bit should suffice). You can define the key size with the -b argument:

ssh-keygen -t rsa -b 3072 -f $HOME/.ssh/rsa_key_file_3072

The result of the commands are two files: the private key as defined by the -f argument, and the public key with the extension .pub.

Tags:

Security

Ssh